Chapter 11, lesson 3, practice 2! (not having a great day!)

Hey again. OK, so I was following this chapter reasonably well until I came to this practice:

MCSE press book 70-291

1) On computer2 delete any mapped drives or other connections to computer1
2) Log off computer 2
3) Unplug the network connection

'If the computer is not plugged into the network, it cannot obtain Kerberos tickets; however, users who have previously authenticated to the domain will be able to log on. Even so they will not be able to use Kerberos.'

4) From computer1, log on to the domain

5) Start kerbtray and note that there are no Kerberos tickets

6) Reconnect the network connection

7) Start Network Monitor capture on computer1

8) Map to the capture share on computer1. You should use the name of the computer in the path, in other words \\computer1\capture.

9) From the Capture menu of Network Monitor, select Stop and View and answer the following: were you successful?


Now, these are the questions in which I'm stumped:

5: Note that there are no Kerberos tickets? Well, there are. The one created when I logged onto computer1!

6: Reconnect the network connection... I fail to understand why I unplugged in the first place! As after unplugging it, I didn't do anything with computer2 and now I'm just plugging it back in.

8: Map to capture share on computer1... does this mean from computer1 or 2? Because usually it would say 'log on to computer2' before stating that.

However! The book states that NTLM should have been used, and sure enough I found it in Network Monitor after browsing to the share from computer2... but I don't understand why it didn't use Kerberos to authenticate. Sorry if I've missed something really stupid here, I feel I may have :X


    You unplugged the connection on computer 2 so that when you logged in, no Kerberos token was issued.

    When you mapped (or browsed) from computer 2 to the share on computer 1, NTLM authentication was used because no Kerberos token was issued to your user account on computer 2. (Again, because the network connection was unplugged).

    Does that help?

    Hey Claymoore, thanks very much for your reply. My setup at home is a router, a switch followed by the 2 computers plugged into the switch. When the exercise was saying unplug connection, I assumed it meant disconnect the connection from computer2 to the switch... completely forgetting that MS Press assume that no routers/switches are being used.

    So just to clear up on this then:

    1) Because computer1 is a DC, wouldn't logging onto this computer create a Kerberos ticket regardless of what network connections are valid? I'm not actually sure how this works.

    2) Regarding question 8, does this refer to connecting to the share from computer2? I wouldn't think connecting using the UNC from computer1 would do anything here, but where is the instruction to log onto the domain on computer2?

    Thanks again!
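
Added example, not part of the thread or the book: a heuristic for the check done by eye in Network Monitor above, deciding whether the security blob of an SMB session setup carries an NTLMSSP message or a Kerberos AP-REQ. It assumes the blobs have already been extracted from the capture; `classify` and the sample bytes are constructed for illustration.

```python
import struct

# DER-encoded mechanism OIDs as they appear inside SPNEGO/GSS-API tokens.
KRB5_OIDS = (
    bytes.fromhex("06092a864886f712010202"),  # 1.2.840.113554.1.2.2 (Kerberos 5)
    bytes.fromhex("06092a864882f712010202"),  # 1.2.840.48018.1.2.2 (MS Kerberos)
)
NTLMSSP_OID = bytes.fromhex("060a2b06010401823702020a")  # 1.3.6.1.4.1.311.2.2.10
NTLMSSP_SIG = b"NTLMSSP\x00"
NTLM_TYPES = {1: "NEGOTIATE", 2: "CHALLENGE", 3: "AUTHENTICATE"}
AP_REQ_TOK_ID = b"\x01\x00"  # token id that follows the OID in a Kerberos GSS token


def classify(blob: bytes) -> str:
    """Say which mechanism a security blob actually carries (heuristic)."""
    # A Kerberos OID in the offered-mechanism list proves nothing on its own;
    # only an OID immediately followed by the AP-REQ token id means a ticket
    # was presented to the server.
    for oid in KRB5_OIDS:
        if oid + AP_REQ_TOK_ID in blob:
            return "kerberos:AP-REQ"
    pos = blob.find(NTLMSSP_SIG)
    if pos != -1:
        field = blob[pos + 8:pos + 12]  # little-endian message type
        if len(field) < 4:
            return "ntlm:truncated"
        (msg_type,) = struct.unpack("<I", field)
        return "ntlm:" + NTLM_TYPES.get(msg_type, "type-%d" % msg_type)
    return "unknown"


# Constructed sample blobs (not taken from a real capture, not valid full tokens).
SAMPLES = {
    "ntlm_negotiate": b"\x60\x40" + NTLMSSP_OID + NTLMSSP_SIG
                      + struct.pack("<I", 1) + b"\x00" * 8,
    "ntlm_authenticate": NTLMSSP_SIG + struct.pack("<I", 3) + b"\x00" * 8,
    "kerberos": b"\x60\x82\x04\x00" + KRB5_OIDS[0] + AP_REQ_TOK_ID
                + b"\x6e\x82\x03\xf0",
    "offer_then_ntlm": KRB5_OIDS[1] + KRB5_OIDS[0] + NTLMSSP_OID
                       + NTLMSSP_SIG + struct.pack("<I", 1),
    "cut_short": b"\xa1\x0c" + NTLMSSP_SIG + b"\x01",
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print("%-18s %s" % (name, classify(blob)))
```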
